Master Linux Permissions: Set chmod, chown, sgid, suid, sticky bit

Table of Contents

Introduction

Managing file and directory permissions in Linux is essential for maintaining system security and ensuring controlled access. Understanding commands like chmod, chown, chgrp, and special permissions like SUID, SGID, and the sticky bit helps administrators prevent unauthorized access and secure sensitive data. Proper permission management is not just about setting limits, but about optimizing access control across users and groups to protect your system. In this article, we’ll guide you through the various permission settings and how they contribute to a secure Linux environment.

What is Linux file permissions management?

Linux file permissions management involves using commands like chmod, chown, and chgrp to control who can access files and what actions they can perform. It allows system administrators to set and modify read, write, and execute permissions for users, groups, and others. This system ensures that sensitive data is protected and that users only have access to the files and directories they need. Additionally, special permissions like SUID, SGID, and sticky bits provide extra control for system security.

Understanding Linux Permissions

Imagine you’re running a busy library, and it’s up to you to decide who gets access to what in the library’s vast collection of books and rooms. In Linux, permissions work like that library’s security system, making sure that only the right people can access the right files and directories. These permissions are shown by three sets of characters or numbers, each one representing a different user or group. They control the actions each user can perform on a file.

At the top of the list is the User (u), the file or directory’s owner. This is usually the person who created the file, but ownership can be changed. Next, there’s the Group (g), which is a set of users who share the same permissions for that file or directory. Finally, we have Others (o), everyone else who isn’t the owner or part of the group.

For each of these categories, Linux defines three basic types of permissions:

  • Read (r or 4): This is like being able to glance at the content of the book or look at the list of items in the directory.
  • Write (w or 2): This permission lets you edit the contents of the file or, in the case of a directory, create new files or delete old ones.
  • Execute (x or 1): This permission lets you open the file as a program or enter a directory to explore what’s inside.

When you run the 

$ ls -l
command, you’ll see a 10-character string that represents these permissions. The first character tells you what type of file it is—whether it’s a regular file, a directory, or a symbolic link. The next nine characters are split into three sets of three characters each, showing the permissions for the user, group, and others, respectively. For example:

Output 
rwxr-xr–

means:

  • rwx: The owner can read, write, and execute the file.
  • r-x: The group can read and execute, but they can’t modify the file.
  • r–: Others can only read the file, they can’t change or run it.

Knowing how to interpret this string is key to managing your files and making sure they’re secure.

Numeric Representation of Permissions

Instead of using the symbolic rwx format, you can also use numbers to represent permissions. This is called numeric or octal notation, and it gives you a quicker way to set permissions for all three categories at once.

Here’s how the numbers break down:

  • 4 represents read permission,
  • 2 represents write permission,
  • 1 represents execute permission.

You can add these numbers together to form different combinations. For example:

  • 7 (4 + 2 + 1) = read, write, and execute.
  • 6 (4 + 2) = read and write.
  • 5 (4 + 1) = read and execute.
  • 4 = read only.
  • 3 (2 + 1) = write and execute.
  • 2 = write only.
  • 1 = execute only.
  • 0 = no permissions.

So, if you set permissions with 

$ chmod 755
, this is what happens:

  • Owner (7) gets read, write, and execute permissions.
  • Group (5) gets read and execute permissions.
  • Others (5) get read and execute permissions.

This numeric system is great because it’s quick and easy to use, especially for setting more complex permission schemes with just three digits.

Special Permissions

Linux doesn’t stop at just read, write, and execute. It also offers special permissions that give you even more control over your files and directories.

  • SUID (Set User ID): Imagine you have a file locked up tight, but when you open it, it lets you act as though you are the file’s owner, not just a regular user. When this permission is applied to an executable file, it runs with the owner’s permissions instead of the user’s. To set this, use:

$ chmod u+s filename

Example:

$ chmod 4755 /usr/bin/passwd

  • SGID (Set Group ID): This is like the SUID, but for groups. When applied to an executable file, it runs with the group’s permissions. When applied to a directory, any new files created inside it automatically inherit the group of the directory. Set it with:

$ chmod g+s filename

Example:

$ chmod 2775 /shared/project_dir

  • Sticky Bit: If you’re working in a shared directory and want to make sure that only the file’s owner (or the directory owner) can delete their files, use the sticky bit. Set it with:

$ chmod +t directory

Example:

$ chmod 1777 /tmp

These special permissions are important for when you need more control, especially in shared environments where many users work with the same files.

How to Check Permissions

To check the permissions on a file or directory, you can use the 

$ ls -l
command. This command will show you detailed information, like the permissions, ownership, size, and the last time it was modified. To check a specific file, run:

$ ls -l /path/to/file

If you need even more details, try using the 

$ stat
command. It gives you everything you need to know about a file or directory, from its type to the permissions and timestamps. To use it, run:

$ stat /path/to/file

Here are some handy flags for both 

$ ls
and 
$ stat
:

  • $ ls -l
    : Shows detailed information about the file or directory.
  • $ ls -a
    : Lists all files, including hidden ones.
  • $ ls -d
    : Lists only the directory itself, not its contents.
  • $ stat -c %A
    : Displays file permissions in a format you can easily read.
  • $ stat -f
    : Shows file system information.
  • $ stat -t
    : Shows short, simple details, which is great for scripts.

File and Directory Permission Basics

Let’s walk through an example of what a permission string looks like, using a file called script.sh :

Output 
-rwxr-xr– 1 user group 4096 Apr 25 10:00 script.sh

The first character () shows that it’s a regular file. If it were a directory, it would show d.

The next three characters (rwx) show the owner’s permissions: read, write, and execute.

The next three characters (r-x) show the group’s permissions: read and execute.

The last three characters (r–) show the permissions for others: read-only.

Now let’s convert those permissions into numbers:

  • rwx = 7 (read, write, execute)
  • r-x = 5 (read, execute)
  • r– = 4 (read only)

To set these permissions, you would use the command:

$ chmod 755 filename

The chmod Command: Symbolic and Numeric Modes

The 

$ chmod
command is your tool for changing file and directory permissions. You can use it in two ways: symbolic (with letters) or numeric (with numbers).

Numeric Mode Examples:

  • $ chmod 755 filename
    : Sets the permissions to rwxr-xr-x, letting the owner read, write, and execute; the group to read and execute; and others to read and execute.
  • $ chmod 644 document.txt
    : Sets the permissions to rw-r–, letting the owner read and write, the group to read, and others to read.
  • $ chmod 700 private.sh
    : Sets the permissions to rwx——, letting only the owner read, write, and execute, while blocking everyone else.

Symbolic Mode Examples:

  • $ chmod u+x script.sh
    : Adds execute permission for the user (owner), allowing them to run the script.
  • $ chmod g-w file.txt
    : Removes write permission for the group, so they can’t modify the file.
  • $ chmod o=r file.txt
    : Makes the file read-only for others, so they can view but not modify it.

Examples of chmod Usage

Here are some real-world examples to see how 

$ chmod
works:

  • Giving Read-Only Permission to a User: Use the numeric mode 400 to set the file to r–, letting the owner read it but not write or execute it:

$ chmod 400 file.txt

  • Granting Write Permission to a Folder: To give a user write permission for a folder, use u+w:

$ chmod u+w /path/to/folder

  • Making a Script Executable: To make a script executable, use +x:

$ chmod +x deploy.sh

These examples show how handy 

$ chmod
can be when you need to manage permissions.

How to Use chown and chgrp

The 

$ chown
and 
$ chgrp
commands help you manage who owns files and directories. They make sure the right people have access to the right files.

The chown Command:
The 

$ chown
command changes the owner and group of a file or directory. To change the owner, use:

$ sudo chown username file.txt

To change both the owner and the group, use:

$ sudo chown username:groupname file.txt

The chgrp Command:
The 

$ chgrp
command lets you change the group ownership without changing the file’s owner. To change the group, use:

$ sudo chgrp groupname file.txt

Recursive Permissions in Linux

When you have lots of files or directories, you can apply permissions to everything at once using recursion. It makes managing permissions way easier.

Basic Syntax: 

$ chmod -R permissions directory

For example:

$ chmod -R 755 /var/www/html

This command sets the permissions of the /var/www/html directory and everything inside it to 755.

Examples of Recursive Permissions:

  • Changing Ownership: To change ownership for a directory and all its files, use:

$ chown -R user:group /var/www/html

Common Use Cases

Here are a few ways Linux permissions come in handy:

  • Web Hosting Setup: Set the permissions for your hosting folder so the server can read and run files, but others can’t change them:

$ chmod -R 755 /var/www/html

  • Deploying Scripts: To make a deployment script executable:

$ chmod 755 deploy.sh

  • Collaborating on Group Projects: When working with a team, assign group permissions so everyone can edit files:

$ chown -R :developers project

$ chmod -R 775 project

Common Errors and Solutions

We all make mistakes, but here’s how to fix some common ones:

  • Setting 777 Everywhere: Giving everyone full access with 777 is a security risk. Use more specific permissions like:

$ chmod -R 755 /path/to/directory

$ chmod -R 644 /path/to/file

  • Forgetting Execute Permission on Scripts: If a script won’t run, it might not have execute permissions. Use:

$ chmod u+x script.sh

  • Breaking Web/App Access with Incorrect Permissions: Make sure the web server can access its files:

$ chown -R www-data:www-data /var/www/html

$ chmod -R 755 /var/www/html

Best Practices

  • DOs:
    • Use the Least-Privilege Principle: Start with the least permissions and only increase them when necessary.
    • $ chmod 755 directory
  • DON’Ts:
    • Avoid Using chmod 777: Don’t use 777 unless absolutely needed.
    • $ chmod 755 directory
    • Don’t Forget to Set Execute Permissions on Scripts:
    • $ chmod +x script.sh
    • Don’t Break App Access by Over-Restricting Files:
    • $ chmod 644 file.txt

FAQs

  1. How do you set permissions in Linux? Use the 
    $ chmod
    command:

$ chmod 755 filename

What is chmod 755 or 777? 

$ chmod 755
allows the owner to read, write, and execute, the group to read and execute, and others to read and execute. 
$ chmod 777
grants full access to everyone.

What is chmod 666 or 777? 

$ chmod 666
lets everyone read and write, but not execute. 
$ chmod 777
grants everyone full permissions.

What is chmod 400? 

$ chmod 400
lets the owner read, but denies all access to the group and others:

$ chmod 400 filename

Linux Permissions Overview

Conclusion

In conclusion, mastering Linux permissions with commands like chmod, chown, and chgrp is essential for securing your system and controlling access to sensitive data. By understanding how to set both symbolic and numeric permissions, as well as leveraging special permissions such as SUID, SGID, and the sticky bit, you can create a robust security framework for your Linux environment. Proper permission management is key to preventing unauthorized access and ensuring that your system runs smoothly and securely. As the demand for secure systems continues to grow, staying updated on the latest permission practices will help you maintain better control and protect your data in the long run.Remember, the right configuration of Linux file permissions not only improves security but also enhances the overall performance and reliability of your system. Keep refining your skills and adapt to evolving security standards to stay ahead in the ever-changing landscape of Linux administration.

Master Bashrc Customizations in Linux: Optimize Your Terminal Environment

Picture of Alireza Pourmahdavi

Alireza Pourmahdavi

I’m Alireza Pourmahdavi, a founder, CEO, and builder with a background that combines deep technical expertise with practical business leadership. I’ve launched and scaled companies like Caasify and AutoVM, focusing on cloud services, automation, and hosting infrastructure. I hold VMware certifications, including VCAP-DCV and VMware NSX. My work involves constructing multi-tenant cloud platforms on VMware, optimizing network virtualization through NSX, and integrating these systems into platforms using custom APIs and automation tools. I’m also skilled in Linux system administration, infrastructure security, and performance tuning. On the business side, I lead financial planning, strategy, budgeting, and team leadership while also driving marketing efforts, from positioning and go-to-market planning to customer acquisition and B2B growth.
Caasify
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.